Community ManagerEA Forums Online Security Newsletter - Volume 2/ 2026
Welcome to the second edition of EA Forums Online Security Newsletter
Hey everyone, and welcome to the second edition of the EA Forums Online Security Newsletter!
We’re kicking off this edition with a quick reminder: there’s still time to join the leaderboard and earn a Level 2 or Level 3 badge by the end of the season. If you’re not familiar with the updates we’ve introduced in this year’s newsletter series, be sure to check out the previous edition or explore the Newsletter Badge Handbook. And of course, if anything is unclear, just ask in the thread!
Last month, we discussed the foundation of your online presence passwords. The community shared some fantastic insights and practical advice. If you missed it, head back to the previous edition or take a look at this month’s Community Highlights section for a recap.
This month, we’re shifting our focus toward the awareness side of online security as we dive into phishing. It’s a topic that has evolved significantly with the rise of AI. Today, we’re constantly exposed to videos, voice recordings, and images created or altered by artificial intelligence, making scams more convincing than ever.
Whenever you encounter a potential phishing attempt, pause and reflect on what made the interaction seem believable. Even more importantly, share those observations with others. Raising awareness is one of the most effective tools we have to combat evolving threats.
Stay safe and stay alert.
Skepticism Is Key
Be skeptical of any “free” items you’re asked to claim outside official channels or outside the game itself. In 99% of cases, if an offer sounds too good to be true, it probably is.
Make it a habit to verify promotions and rewards through official websites, verified social media accounts, or in-game announcements before taking any action.
Triple-Check the Links
Phishing links often imitate legitimate URLs by swapping letters, adding hyphens, or using characters that look nearly identical to the real ones.
If you have even the slightest doubt about a link you’re about to click, don’t. Trust your instincts. Your “spider-sense” might be right 😉
Head over to this month's quiz, you can test yourself on the fake or legitimate links there.
Social Media Messages
Be cautious when interacting with people you’ve met online via Discord, console messaging systems, or other social platforms.
The same rule applies to customer support. Legitimate support agents will never contact you directly outside official support channels (for example, through random Discord messages or console DMs). If someone does that’s a major red flag.
Invitations to Events You Didn’t Sign Up For
Phishing scams often rely on urgency and scarcity.
For example, after watching a stream from your favorite competitive player, you receive a message inviting you to attend an exclusive in-person event but you must act fast because there are only a few spots left.
If you didn’t sign up, it’s almost certainly a scam. And even if you did sign up for something, always verify the source before clicking any links or sharing personal information.
Creator Impersonation
Even if you’re part of a creator’s community, be extremely careful if someone contacts you claiming to be that creator.
Verify their identity through official, verified accounts. Double-check their intentions before engaging, clicking links, or sharing any details.
Phishing in Mobile Games
Many mobile games allow direct communication between players. While this platform is often overlooked, phishing still happens there.
Treat links and messages in mobile games with the same level of caution you would anywhere else.
Now Add AI to the Mix
With rapid advancements in AI, scammers can now create highly convincing video calls, voice messages, and realistic-looking content. This adds another layer of sophistication to phishing attempts.
Always stay cautious.
Always verify.
Always question anything that feels off.
If something sounds or looks suspicious, pause before you act.
Community Spotlight Volume 1: Password Hygiene
In this month’s Community Spotlight, we’re highlighting outstanding replies from Volume 1 – Password Hygiene.
The featured comments were selected based on the following criteria:
- Relevance to password hygiene
- Depth of insight
- Educational value
- Originality
- Potential impact on the community
High-Value Educational Contribution
As a particularly strong educational contribution, I’d like to highlight ElliotLH post:
I've been having a little think about some risky habits people might commonly do when signing up to gaming platforms or communities like this one. While I'm certain that there are a great many pitfalls, I keep coming back to the most basic: wherever possible, don't use the same details for multiple signups.
Of course, using a different email address for each platform or site may not be feasible, since not everyone has multiple email addresses, but at the very least, one should ensure that a different password is being used. If the same password is used on multiple platforms, the chances of all accounts being compromised increase, especially if the same email address has been used as well.
In a similar vein, I would also recommend avoiding using a social media profile, such as Facebook, for signing up to things, as if the social media profile is compromised, then people can quickly gain access to any site that has been linked (E.G. Facebook lists Apps and websites that have been linked in the past); not to mention being able to access a treasure trove of personal information and possibly even financial information which can be used neferiously in the future.
This post stood out because it:
- Directly addressing password reuse is a core password hygiene issue
- Clearly explained risk amplification (using the same email and password combination across platforms)
- Added nuance by mentioning social login risks
- Maintained a reflective, educational tone
- Encouraged meaningful behavioral change
It’s a great example of how to turn security awareness into practical improvement.
Behavioral Insight Spotlight
The second highlighted contribution this month comes from Bafanc :
The reason I didn't claim the rewards is part of my previous comment/advice: read carefully before clicking. It's an easy thing to recommend, but difficult to do... for people like me! In fact, that's what I DIDN'T do:
1) I took the test first and then read the instructions;
2) I took the test without carefully reading the questions.
The result was making mistakes (one) for not having read that the answer could be multiple and not having memorized the final code (but, knowing how lazy I am, I blocked its copy in the keyboard memory, hehe).
In my defense, I can say that not working on texts in my native language helps my proverbial laziness win over security.
MORAL: security is never enough if you're lazy enough to ignore every alert!
This reply was selected because it demonstrated:
- Honest self-reflection (“not reading carefully”)
- A clear link between complacency and security failure
- Reinforcement of the human factor in password hygiene
- A memorable closing line:
“Security is never enough if you're lazy enough to ignore every alert!”
Security is often less about technical limitations and more about habits, and this comment captured that perfectly.
Technical Depth Recognition
Lastly, Asmodeus566 delivered multiple strong technical contributions, including:
- A clear warning about password reuse
- Reinforcement of 2FA as a critical security layer
- Advice on using a dedicated email for sensitive accounts
- Highlighting the risks of “free content” baiting tactics
These insights combine technical understanding with practical application, exactly the type of knowledge-sharing that strengthens the entire community.
Thank you to everyone who contributed. Thoughtful discussions like these elevate the newsletter from information-sharing to real security awareness.
Let’s keep raising the bar.
